Lotus Domino LDAP

Configuration Guide

© 2002 Metatude

24-4-2003
 1 Lotus Domino LDAP Configuration Guide

Table of Contents
Chapter 1 Introduction 2
1 About Metatude 2
2 About this manual 3
3 The Metatude suite 4

Chapter 2 Installation 5
1 Domino 5
2 Configure MPM 8

Chapter 3 Reference 10
1 Domino LDAP Reference 10
2 Set up Domino LDAP service 11

© 2002 Metatude
 Introduction 2

1 Introduction
1.1 About Metatude

The Metatude software suite allows you to collect feedback on the performance and activities of
your company from stakeholders such as customers, business partners, co-managers and
employees. This information is vital to your company because it allows you to fine-tune your
business activities and company policies to the perception of your performance. And it is this
information that will allow you to gauge and influence what others say and think about your
company, something that can make or break you. Essential information that constitutes the basis
for your business decisions.

Metatude's web-based software allows you to collect feedback on issues such as:
· customer satisfaction and loyalty;
· employee commitment;
· corporate reputation;
· business ethics;
· service level management.

Metatude is designed for large organizations whose IT infrastructure may be complex and have
many stakeholders. Once the software is installed you can easily define target groups, create
questionnaires, conduct research and manage output for analysis and reporting tools.

For more information on Metatude software, technology and business examples, please consult
our website: http://www.metatude.com

© 2002 Metatude
 3 Lotus Domino LDAP Configuration Guide

1.2 About this manual

This manual will show you how to configure your Lotus Notes Domino R5 server for use with the
Metatude software suite. First, this manual explains how to configure the Domino server for use
with LDAP (Lightweight Directory Access Protocol). The Metatude Dialogue Server can then
retrieve stakeholder information from the Domino server, using the LDAP protocol.

With the Metatude Project Manager you can add stakeholder directories that can be used in your
stakeholder feedback projects. This manual describes how to add your Domino server as a
stakeholder directory. You can find more information about stakeholder directories in the manual
for the Metatude Project Manager.

This manual is dated April 23 2003; Metatude will update this documentation if needed. Please
check http://www.metatude.com/support/ for recent versions of this document.

© 2002 Metatude
 Introduction 4

1.3 The Metatude suite

The Metatude software suite consists of four interacting software components:

1. Metatude Dialogue Server;

2. Metatude Channel Integration Components;
3. Metatude Dialogue Designer;
4. Metatude Project Manager.

The basis of the Metatude architecture is a central server (Metatude Dialogue Server) that needs
to be installed in your organization. This server maintains the connections with databases, stores
and serves the dialogues to stakeholders and collects and stores the collected data in a database.

Once the Dialogue Server is installed, you can manage any stakeholder feedback with two desktop
applications that are relevant for the regular user: the Metatude Dialogue Designer and the
Metatude Project Manager. Consultants, managers and researchers can use these two
applications to prepare questionnaires and manage projects involving stakeholder feedback.

1) Metatude Dialogue Server

The Metatude Dialogue Server (MDS) is the central component within the Metatude architecture.
This server connects to databases and directories with stored stakeholder information,
communicates with electronic channels, stores and serves dialogues and writes results to a
database. All the project information and intelligence to manage projects automatically resides on
this server.

2) Metatude Channel Integration Components

The Metatude Channel Integration Components (MCIC) needs to be installed on an electronic
channel. This allows the channel to communicate with the central server.

3) Metatude Dialogue Designer

The Metatude Dialogue Designer (MDD) is a Windows application that is used to create
questionnaires. With a simple and intuitive interface any user can learn how to create
questionnaires in a matter of minutes. Many question types are supported, e.g. open questions,
multiple choice, multiple response, scale and matrix questions.

4) Metatude Project Manager

With the Metatude Project Manager (MPM) you can manage stakeholder feedback projects. The
MPM can connect via a network to the Metatude Dialogue Server. Once logged on you can
connect databases and directories, create target groups, assign dialogues to (multiple) target
groups and retrieve results in the desired format.

© 2002 Metatude
 5 Lotus Domino LDAP Configuration Guide

2 Installation
2.1 Domino

The following describes how to install your Domino server with an LDAP service. If you have
already installed Domino, and just want to enable the LDAP service, please skip to the paragraph
'Set up Domino LDAP service'.

· Install Lotus Domino Server R5 and select the LDAP service during installation. Domino then
adds the LDAP task to the NOTES.INI file by default.
· Restart your computer after the succesfull installation of Lotus Domino
· Start "Lotus Domino Administrator" from the programs section in your Windows start menu.
· If the password window pops up, please provide a valid password.

Figure 1. Domino Administrator

· Then, you will see the Domino Administrator as shown in figure 1.

© 2002 Metatude
 Installation 6

Figure 2. Create a new person.

· Select the "People & Groups" tab. Use the tree in the frame at the left side to navigate to
"People". Then, create a new Person by using the "Register" option. This is shown in figure 2.
· Next, you will be asked for a valid Certifier Password to register the Person for your domain.
· Add at least one more Person in order to get enough entries in your People section.

Figure 3. Server settings

· Now, select the "Current Server Document" from the "Configuration" tab. You will then see the
server settings in the frame at the right side. See figure 3.
· Next, you can edit the LDAP port number. You do not have to change it, but you will need to
write it down for future reference.

© 2002 Metatude
7 Lotus Domino LDAP Configuration Guide

Figure 4. LDAP Port number

· Select the following sequence of tabs: Ports > Internet Ports > Directory. See figure 4. You
can then see the TCP/IP port number for "Directory (LDAP)". You can change this to any
available port on your computer. Check that the TCP/IP port status is set to "Enabled".
· Please write down the port number. This information is needed when you connect to the Domino
server from the Metatude Project Manager.
· Save your settings to the Domino server by choosing "File > Save" from the menu bar.
· Restart your Domino server to activate the changes you made.

© 2002 Metatude
 Installation 8

2.2 Configure MPM

· Open the Metatude Project manager. Log in with an user that has Administrator privileges. Click
on the "Dir Servers" tab. Then click the "Add Server" button.
· Provide the information for the new directory server. See figure 5.

Figure 5. Add a directory server.

· Provide the host on which the Domino server is located. Also provide the port number that you
have written down while configuring the Domino server. The default base is "c=us". Provide this
base if you haven't changed it in the Domino server. Provide a username and password for
connecting to the Domino server.

© 2002 Metatude
9 Lotus Domino LDAP Configuration Guide

Figure 6. Domino attributes in the Metatude Project Manager

· Now, click on the "Attibutes" tab. After a while you will be able to see all the attributes available in
the Domino server if you correctly filled out the previous information. If the Domino server is not
reachable by the Metatude Dialogue server, or if the information you provided was incorrect, you
will see an error message. Please check the error log file of the Metatude Dialogue Server to get
more information on the error. It is located at Log/ErrorLog/error.txt inside the directory into
which you installed the Metatude Dialogue Server.
· If the attributes show up as shown in figure 6 you've succesfully connected your Domino server
to the Metatude software suite.

© 2002 Metatude
 Reference 10

3 Reference
3.1 Domino LDAP Reference
Reference from Domino 5 Administration Help

(For more details information about Domino LDAP Service, please visit the Lotus Notes help
guides.)

The Domino LDAP service

LDAP, or Lightweight Directory Access Protocol, is a protocol that uses TCP/IP to allow clients to
access directory information. LDAP defines a standard way to search for and manage entries in a
directory, where an entry is one or more groups of attributes that are associated with a
distinguished name. A distinguished name -- for example, cn=Phyllis
Spera,ou=Sales,ou=East,o=Acme -- is a name that uniquely identifies an entry within the directory
tree. A directory can contain many types of entries -- for example, entries for users, groups,
devices, and application data.
To enable the LDAP service on a server, you start the LDAP task on it. Clients that run the LDAP
protocol and are set up to connect to the server -- for example, Notes Release 5 clients that have
accounts for the server, Microsoft Outlook Express clients, and Netscape Communicator clients --
and LDAP-enabled applications can then query the Domino server to retrieve information about
entries in the Domino Directory that meet specified criteria. For example, an LDAP client could
retrieve e-mail addresses and phone numbers for all Person entries that have the last name
Browning.

LDAP service features

The Domino LDAP service supports these features:
· LDAP v3 and v2
· Anonymous access to fields that you specify; name-and-password authentication, SSL and
· x.509 certificate authentication, Simple Authentication and Security Layer (SASL) protocol
· LDAP searches extended to secondary Domino directories
· LDAP client referrals to other LDAP directories
· LDAP searches of document text from databases configured in a Domain Catalog.
· Use of a third-party, LDAP-compliant server -- such as the Netscape Enterprise Web server -- to
authenticate users that have passwords or x.509 certificates stored in the Domino Directory on a
Domino server running the LDAP service. For information on setting up a third-party server to do
this, see the documentation for the server.
· Use of LDAP clients to add, modify, and delete directory entries
· Schema publishing
· Schema checking
· Schema extension
· Searches based on alternate languages

Domino also supports these features that don't require the LDAP service:
· Command-line utility for searching LDAP directories
· Migration tool that lets you import entries from another LDAP directory and register the entries in
Domino
· Although Domino Release 5 doesn't provide an LDAP API toolkit, you can use standard LDAP C,
Java, and JNDI libraries available on the Internet to customize the Domino LDAP API.

© 2002 Metatude
 11 Lotus Domino LDAP Configuration Guide

3.2 Set up Domino LDAP service

Setting up the LDAP service
Before you set up the Domino LDAP service:
Make sure you understand TCP/IP concepts, including DNS host names and IP addressing.
Set up the Domino server, and set up security for the server.

1. To allow clients to connect to the LDAP service over the Internet, connect the server that runs
the LDAP service to an Internet service provider (ISP) and register the server's DNS name
and IP address with the ISP.
2. Create a full-text index for the replica of the Domino Directory on the server that runs the
LDAP service. We strongly recommend creating a full-text index unless LDAP users search
only for names.
3. Start the Domino server, and then start the LDAP task.
4. If your organization uses more than one Global Domain document, you must specify the one
that the LDAP service uses to return users' Internet addresses to LDAP clients. Open the
Global Domain document. In the "Use as default Global Domain" field, choose Yes.
5. Set up LDAP clients to connect to the LDAP service.
6. (Optional) Customize the default LDAP service configuration. In most cases, the LDAP service
functions correctly when using the default settings.
7. To check whether you set up the LDAP service correctly, use an LDAP client or the
ldapsearch utility to issue a query to the LDAP service.

Starting and stopping the LDAP service

To do this: Perform this task
Start the LDAP service automatically when you start Domino:
Edit the ServerTasks setting in the NOTES.INI file to include the LDAP task. Domino adds the
LDAP task by default to the NOTES.INI file if you select the LDAP service during installation.

Start the LDAP service manually:

Enter load LDAP at the console.

Stop the LDAP service:

Enter tell ldap quit at the console.

© 2002 Metatude
 Index 12

Index

-A-
about 3

-C-
configuration 5, 8
connect 8

-D-
databases 4
directories 4
directory server 8
Domino 3, 5, 10, 11

-I-
install 3
installation 5, 8

-L-
LDAP 5, 8, 10, 11

-M-
Metatude Channel Integration Component 4
Metatude Dialogue Designer 4
Metatude Dialogue Server 4
Metatude Project Manager 4, 8

-R-
reference 10

-S-
service 11
setup 11
stakeholders 4

-T-
task 11

© 2002 Metatude